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(57) Abstract 

A method to create, distribute and install on an installation computer a uniquely customised instance of a software application that 
is authenticable and traceable to a particular user. A secure distribution agent resident on a distribution computer collects indentifymg 
informaUon. and calculates a cryptographic signature of the software application and identifying information. The identifying infonnation 
and cryptographic signature are embedded in the software application by the secure distribution agent. The software application with 
embedded data is transmitted via a distribution channel to the installation computer. A user installation agent resident on the mstollation 
computer manages the instaUation of the software application witfi embedded data on die installation computer. Prior to installation, the 
user installation agent may use the cryptographic signature to verify that the software application, and the mdentifying information, are 
authentic and have not been tampered with. 
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METHOD AND SYSTEM FOR NETWORKED INSTALLATION OF 
UNIOUELY CUSTOMIZED, AUTHENTICABLE . AND TRACEABLE 
SOFTWARE APPLICATIONS 

FIELD OF THE INVENTION 
5 This invention relates to a method and system for the 

electronic distribution and installation to users via a network 
of software applications that are uniquely customized, 
authenticable and traceable to the individual user. 
BACKGROUND OF THE INVENTION 

10 With the increasing importance and reliance on 

networked computer environments such as the Internet, 
Electronic Software Distribution (ESD) is assuming an increased 
importance as a means of distributing software applications to 
users. The on-line infrastructures currently in place enable 

15 users to purchase and install software applications without the 
need for physical delivery of shrink-wrapped software. 
Typically, a software publisher will prepare a master of the 
software application for electronic distribution. A customer 
will then go on-line and submit an order to purchase the 

20 software application, which will be received and fulfilled by 
the publisher. The customer will then download the software 
application and install it to his/her own computer. 

A disadvantage of the current on-line infrastructure 
is that it delivers software applications to users in a form 

25 that is identical with those found in retail stores and 

catalogues. Absent cryptographic protection, users can freely 
share the distribution form of the software amongst themselves. 

Even where cryptographic protection are present, the 
potential for unauthorized copying is still significant because 

3 0 all the users possess identical copies (necessarily having 

identical encryption schemes) of a software application. There 
is in all such cases a single underlying decryption key, and in 
most cases this key, or an equivalent variant of it, is entered 
by the user, who can then share it with other users who can use 

35 it to obtain xinlicensed usage of the program. There exist 

today bulletin boards and Internet sites devoted to the sharing 
of such keys, which are visited by persons interested in 



BNSDOCID: <WO 984576aA1 J_> 



10 



15 



20 



25 



30 



35 



WO 98/45768 

PCT/CA98/00241 

- 2 - 

Obtaining unpaid for usage of programs by applying such keys to 
copies of the applications they have obtained. 

Further, even where more subtle anti-piracy schemes 
are in place in a software application, it is not uncommon for 
software "hackers" to produce "crack" programs which can be 
used to process a freely-distributed, limited functionality 
version of a program to produce a revised, fully- functional 
version of the same program which can be used without 
purchasing a license. Even the most ingenious forms of single- 
key mass distribution, which might involve input of one-time- 
only responses to a dynamic challenge to infer the key, are 
vulnerable to a "crack" which simply causes the application of 
the "true" universal decryption key. Although such "crack" 
involves more technical sophistication than sharing of keys as 
above, the distribution channels and potential effect on the 
product's revenues are very similar. 

In addition, software applications distributed by 
conventional ESD techniques provide no means to police their 
own integrity to prevent unauthorized tampering. 

Portland Software has produced an electronic software 
distribution system sold under the trade-mark ZipLock'" that 
packages software for electronic distribution over the 
Internet. The ZipLock™ system discloses a system that 
distributes, from a secure server to a client resident on the 
user's computer, a standard executable software application 
that is protected by means of a cryptographic key. Data input 
by the users is transmitted to the secure server and is used to 
construct a customized digital licence certificate that is 
transmitted to the user in a separate computer file. The 
Ziplock™ system does not provide a mechanism to detect 
tampering done to the executable software application itself, 
nor does it provide traceability if the digital licence 
certificate is not included with an unauthorized redistribution 
of the software application. 

The prior art discloses a number of other systems and 
methods to protect unauthorized use of software electronically 
distributed to users. in Choudhury U.S. Pat. No. 5,509,074, 
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there is disclosed a method of protecting electronically 
published materials using cryptographic protocols. A first 
described embodiment requires special purpose hardware to 
decrypt the document that is transmitted to the user. This 

5 eliminates the method from general use with personal computers 
used by the general public. In a second method, there is no 
requirement for special purpose hardware. In this method, the 
publisher modifies the inter-line or inter-word spaces of the 
document to make each document unique for each user. The 

0 unique document is then encrypted and transmitted to the user's 
computer. Upon receipt of the encrypted document, the user's 
computer will prompt the user to enter his/her secret key which 
is used to decrypt the document for viewing. The method 
disclosed by this reference does not prevent piracy, it only 

5 discourages piracy by making the pirated document traceable to 
the user. In addition, this reference pertains only to data 
files, not to the protection of executable files of any type. 

In Cane U.S. Pat No. 5,416,840, there is disclosed a 
method and system for protecting computer program distribution 

0 in a broadcast medium, such as radio frequency public broadcast 
or computer network. In this reference, the method involves 
encrypting at least a portion of a computer program, the user 
being supplied with a password for use in decrypting the 
computer program so that the computer program can be installed 

5 and used. A unique password is generated and transmitted to 
the user for subsequent use in decirj^ting the selected software 
program contained on the medium. While there is disclosed a 
method and system for the generation, transmission and use of 
unique passwords that cannot be shared among different users of 

0 the software application, this reference requires the user to 
own proprietary hardware that eliminates it from general use 
with personal computer owned by the general public. 

In Yuval U.S, Pat No. 5,586,186, there is disclosed a 
method and system for controlling unauthorized access to 

5 software distributed to users. The main components of the 

system are an encrypt or, a user key generator, and a decryptor. 
The encryptor generates encryption and decryption keys. 
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e™ed f T" """^ -c-yPtlon keys, and stores the 

IT^Z T """"^ °' '"^ ^"^-^"^^ -^i-. such 

as CD ROM. The user key generator generates a unique key uslno 

= ::::s":nrrT""°"^ " "^""^^-^ i-or^ation'r^ZHy" 

users and the deoryptron keys. The decryptor is responsible 
for decrypting the encrypted forms of the software using the 
.de„t.fy.ng information supplied hy the user, and the u!i^e 
en^hl -"-"^ disclosed by this refer^ce 

10 toT % °' logically Similar yZs 

l: T " °^ "•>lch is unique Z a 

partxcular user. However, this reference does not irscllse a 

'° « -"-re application with user-specLL 

data such that the software application itself can be 

15 HIT . ■ reference does not prevent 

15 Piracy by Sharing of keys; it only discourages it through 
traceability of keys. tnrougn 

SOMMABY OF THE 7;nVElITTn»l 

.l.^. ■ invention pertains to a method for the 

=0 iLtr °^ - -""are application from a 

the ste! "f r"*"" '° ^" installation computer comprising 
the steps of receiving at said distribution computer 

ifsaiM soL'"'"""""- identifying information 

in said software application at said distribution computer to 

5 c^t" ^^""^^^ application, generating a 

l"^ Signature for said identifiable software 

identiflatl. 'T"'"' signature in said 

authentic T" '° identifiable and 

identw^^ application, and transferring said 

0 T.t^Till -^---"^^le software application from said 
distribution computer to said installation computer 

""""'^ °* invention 

insL^r!.'" """""^ customization, delivery and 

annlic : '"""^ °' distributing a software 

> t!tanv c°" ' "^""^ ^-stallation of a 

totally generic, untraceable executable file on the 

installation computer, the method and system disclosed herein 
discloses a means to create, distribute and install on an 
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installation computer a uniquely customised instance of a 
software application that is authenticable and traceable to a 
particular user. 



5 user installation agent (UIA) resident on an installation 
computer to establish a connection through a distribution 
channel to a secure distribution agent (SDA) resident on a 
distribution computer. The UIA and/or SDA prompt the user to 
input identifying information that, together with business 

10 related information such as licensing terms, etc., is used to 
create a unique data set that is embedded in the desired 
software application by the SDA. By the use of a cryptographic 
hash algorithm, and private/public key cryptography wherein a 
private key is only known to the SDA, a cryptographic signature 

15 of the desired software application and embedded data set is 
calculated and also embedded into the software application. 
The software application with embedded data and cryptographic 
signature is transmitted via a distribution channel to the 
installation computer where it is installed on the installation 

2 0 computer. Optionally, the installation computer may use the 

cryptographic signature to verify that neither the software 
application, nor the embedded data have been tampered with. 
Public key(s) used to decrypt the cryptographic signatures may 
be transmitted to the installation computer with the software 
25 application, or by any other means, such as e-mail, Internet 
bulletin boards, etc. Following installation, the embedded 
data and cryptographic signature are used in a variety of ways, 
such as to provide a means to trace the software application to 
the user, to police the continued integrity of the software 

3 0 application, to ensure that license conditions continue to be 

met, to perform virus checking, or automatic upgrading of the 
software application itself. 
BRIEF DESCRIPTION OF THE DRAWINGS 



3 5 showing the various inputs and components of the system and 
method of the present invention; 



The method and system disclosed herein provides for a 



Figure 1 is a block diagram of a system overview 
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Figure 2 is a data flow diagram of the structure and 
operation of the Secure Distribution Agent employed by the 
present invention; 

Figure 3A is a block diagram showing details of the 
construction of the aggregate distribution file using a one- 
step cryptographic process; 

Figure 3B is a block diagram showing details of the 
construction of an aggregate distribution file using a two-step 
cryptographic process; 

Figure 3C is a block diagram showing details of the 
construction of an aggregate distribution file using a 
cryptographic process that is a variant of the two-step 
cryptographic process shown in Figure 3B; 

Figure 4 is a block diagram of 'the structure and 
operation of the User Installation Agent employed by the 
present invention; 

Figure 5 is a block diagram showing the means of 
extracting and authenticating embedded data from an installed 
dastrxbution file; 

Figure 6 is a flow chart of a first embodiment of the 
present invention that authenticates embedded data by means of 
a common encryption key; 

Figure 7 is a flow chart of a second embodiment of 
the present invention that authenticates embedded data by means 
Of a unique per-user encryption key; and. 

Figure 8 is a block diagram showing the various uses 
of the installed software application delivered to the user by 
means of the present invention. 

DETAILED nRSCRIPTION OF THE PPBPPPpxpt, EMROnTMirKT>r 

Figure 1 shows the various inputs and components of 
the system and method of the present invention. At the top 
level IS shown a representation of the Electronic Software 
Distribution (ESD) back-end components lo, which include 
Clearinghouses of software, software manufacturers, publishers 
credit card servers, etc., all of which interact with a Secure' 
Distribution Agent (SDA) 100 resident on a distribution 
computer that forms an essential part of the present invention. 
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The SDA 100 interfaces with these ESD back-end components 10 
via the Internet or private computer network to provide payment 
methods support, loading of software applications from 
publishers, etc. The exact nature of the ESD back-end 
5 components 10 may vary without affecting the method and system 
of the present invention. 

The SDA 100 is comprised of a system of co-operating 
software programs, which run in a secure environment. The 
nature of the secure environment is immaterial to the invention 

10 as long as it ensures the ability to protect the privacy of 
user data, authentication of users and possibly other third- 
parties, and suitable limitations on the operations which can 
be accessed externally. This environment might or might not be 
physically separated from an installation computer. The 

15 structure and operation of the SDA 100 is more fully described 
in Figure 2 . 

One of the inputs to the SDA 100 is a set of 
databases 2 0 of supported software applications, license terms, 
licensed users, etc. The SDA 10 0 transmits and receives 

2 0 relevant data to/ from the databases 2 0 prior to, and during the 
operation of the present invention. The exact nature and 
content of the databases 2 0 is not an essential feature of the 
invention . 

A distribution channel 3 00 is illustrated in Figure 1 

2 5 that can comprise computer networks such as the Internet, or 

private network, or a security layer as required to maintain 
security if the SDA 100 were located in close proximity with a 
user installation agent (UIA) 200. Alternatively, it may 
contain some combination of these elements. The distribution 

3 0 channel 3 00 is used to connect the UIA 2 00 to the SDA 10 0 (and 

thus connect the distribution computer to the installation 
computer) so that information may be exchanged between these 
two agents, and so that an aggregate distribution file 170 
(shown in Figure 2) can be distributed from the SDA 10 0 to the 
35 UIA 200. Though the distribution channel 300 is illustrated 
between the SDA 100 and the UIA 2 00, the system of the present 
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invention does not require that the SDA lOO be physically 
distant from the UIA 200. 

At a user's end is the UIA 200 which is an 
installation/automatic upgrade software program resident on the 
installation computer. This program is used to communicate via 
the distribution channel 300 to the SDA lOO, and to perform the 
required operations, more fully described below, on the 
installation computer. Though normally one UIA 200 would be 
required for each supported software application, persons 
skilled in the art would be familiar with the capability to 
develop a UIA 200 that would support multiple software 
applications. Also shown in Figure 1 is a distribution form 30 
of the UIA 200, including support files. The nature of the 
distribution form 30 of the UIA 200 is immaterial to the 
15 operation of the present invention. Any of CD ROM, World Wide 
Web (WWW) download, floppy diskette, etc. could be used. 

The UIA 200 accepts data 32 input from the user, such 
as name, address, payment options, etc., as well as data 
pertaining to the acceptance of an end-user license. 
Environment sensing data 34 such as speed of CPU, size of hard 
disk, speed of modem, etc. may also be input to the UIA 200 for 
processing. The identifying information processed by the UIA 
2 00 may include any information pertaining to the purchaser, 
the seller, the installation agent, date, serial number, 
license specifics, etc. This data may be used for the 
automatic registration of the desired software application with 
a pxiblisher or its commercial proxies. 

As noted above, the identifying data 32, 34 
constitutes identifying information concerning the user, its 
30 computer, etc. The identifying data 32, 34 is processed by the 
UIA 2 00 and transmitted to the SDA 100 via the distribution 
channel 3 00. Of course, it is understood that the identifying 
information does not necessarily have to be transmitted to the 
SDA 100 by means of the distribution channel 300. For example, 
the identifying information may be locally entered into the SDA 
100 by an agent using information received verbally, in 
writing, or in some other non-electronic manner. The SDA 100 
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combines the identifying data 32, 34 with the data stored in 
the databases 20 to produce an aggregated distribution file 170 
that is uniquely customized, authenticable, and traceable to 
the user. The aggregate distribution file 170 is transmitted 
5 via the distribution channel 300 to the UIA 200. The output 
from the UIA 200 is a uniquely customized software application 
15 (to be referred to below as an "installed aggregate 
distribution file") installed on the installation computer, 
with identifying information embedded therein. 
10 Though the description of the present invention 

implies that the "user" is an individual user of the software 
application 15 to be installed on a personal computer, persons 
skilled in the art will appreciate that the present invention 
would also operate in the context of a networked end-user 
15 environment, where the "user" was a network administrator 

responsible for installing software on a central server for use 
by a number of end users. 

Figure 2 is a data flow diagram of the structure and 
operation of the SDA 100 employed by the present invention. An 
20 original distribution file 130 is shown as an input to a 

conversion program 110. In the envisioned implementation, the 
original distribution file 130 is input to the SDA 100 by the 
databases 2 0 shown in Figure 1. It is understood that the 
original distribution file 13 0 does not necessarily have to be 
25 input to the SDA 100 by the databases 20, since the original 
distribution file 13 0 may already be resident on the 
distribution computer containing the SDA 100. The conversion 
program 110 has, as additional inputs, the data 14 0 to be 
embedded in the distribution file 130, and required 
30 public/private cryptographic key pairs 150. The embedded data 
14 0 is produced by a user interaction program 12 0 which 
interacts with the user through the UIA 2 00 to receive 
identifying data 32, 34 (shown in Figure 1) as well as data 
from the databases 2 0 of supported software applications, 
35 license terms, licensed users, etc. 

While the embedded data 14 0 can be of any form and 
content, it is anticipated that the embedded data 140 will 
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contain information enabling the software application 15 to be 
traceable to an individual user and license transaction. For 
example, the embedded data 14 0 can include a unique serial 
number used to identify the aggregate distribution file 170 to 
be distributed to the user. The would eliminate serial number 
fraud that is common in the software industry, whereby current 
software applications can only perform simple validity checks 
which can be fooled by widespread fraudulent re-use of a single 
valid serial number. The embedded data 14 0 may take the form 
of a complete license agreement customized to the individual 
user, including user name, address, software serial no 
license terms, etc. Records of the user information collected 
by the user interaction program 120 may be kept by the 
databases 20. 

The output of the conversion program lio is an 
aggregate distribution file 170 which contains both the 
contents of the original distribution file 130, the embedded 
data 140, as well as a cryptographic signature of the embedded 
data 140 and the original distribution file 130. The aggregate 
distribution file 170 is then transmitted via the distribution 
channel 300 to the UIA 200. The UIA 200 then installs the 
aggregate distribution file 170 on the installation computer 
once the aggregate distribution file 170 is installed, it takes 
the form of an installed aggregate distribution file 15. 

By means of its connection with the UIA 20 0, the SDA 
100 can negotiate arbitrary license terms with the user, 
display an End-User License Agreement (EULA) , confirm 
acceptance of that agreement, and automatically perform on-line 
registration of the software based on the already-established 
Identity of the user and the specific license terms. Subject 
to commercial and legal considerations, an SDA 100 could offer 
different pricing and license terms, and possibly different 
executable versions, to users in different countries, for 
example. In addition, differential pricing based on attributes 
of the installation computer such as CPU power could be 
provided . 
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The SDA 10 0 does not require intelligence within 
itself for functions such as establishing that a user's stated 
address and credit-card number are valid, consistent, and 
within a given geographical area. Such functions may be 
5 undertaken by the high-level ESD components 10 illustrated in 
Figure 1 . 

Figure 3A shows the procedure for constructing the 
aggregate distribution file 170 in greater detail. For the 
sake of illustration, the original distribution file 130 is 

10 assumed to have a structure including header information and 
different types of internal sections for code, static data and 
so on, such as a Windows^" 'Portable Executable' (PE) program 
file. One of ordinary skill in the art can appreciate that the 
method and system of the present invention can be applied to a 

15 number of different file formats. Similarly, the inputs 140^, 
151 to the conversion program 110, and output 170 from the 
conversion program 110 are illustrated to be computer files, 
but they could be in-memory images, streams from other 
processors, etc. 

2 0 A typical sequence of steps run by the SDA 10 0 to 

construct the aggregate distribution file 17 0 is described 
below, 

1. The conversion program 110 is run, as a result of the 
user interaction program 120 having determined that a. 
25 conversion is required i.e. that a delivery of a particular 

aggregate distribution file 170 according to the method of the 
present invention is authorized, and that the required embedded 
data block 14 0 has been constructed. All subsequent steps are 
executed by the conversion program 110 unless otherwise 

3 0 indicated. 

The object is to obtain what is often referred to as 
a "digital signature", or "cryptographic signature" which 
inherently has two aspects : 

(i) By the use of a cryptographic hash algorithm, the 
35 production of a cryptographic fingerprint that 

uniquely corresponds to the data "ed" 130, 140; and 
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(ii) Protection of that cryptographic fingerprint by 
encrypting it with a private key, such that the 
recipient of the cryptographic fingerprint may, by 
using a public key and the cryptographic algorithm, 
verify that the data -ed" 130, 140 is intact, without 
having the ability to generate a new cryptographic 
fingerprint, and plausibly change the data. 
These two steps are essential to realize the advantage of 
the present invention, since without both steps a third 
party may intervene and alter data without the recipient 
being able to detect it. This procedure is to be 
distinguished from simply encrypting the data "ed" 130, 
140, which is a step that is not necessary to the 
operation of the present invention since there is no way 
to plausibly alter the data 13 0, 140 without such 
alterations being detectable. 

2. The input/output logic ill of the. conversion program 
110 reads in the desired original distribution file 130, its 
corresponding cryptographic private key 151, and the data to be 
20 embedded 140. Though not required by the conversion program 
110, a public key 152 may be passed through in order that it 
may be added to the aggregate distribution file 130. Utilizing 
cryptographic hash algorithms 112 and Public-Private key (PPK) 
encryption algorithms 113, a cryptographic signature 174 is 
25 produced. The basic steps of this process are: 

2.1 Apply a one-way hash function "hf" to the data "ed" 
130, 140 producing a cryptographic fingerprint "edh", that 
is edh = hf (ed) . The requirements for this cryptographic 
fingerprint are as follows: (i) that it produce a 
30 reasonably compact result i.e. size(edh) « size(ed), and 

preferably a fixed- length result; (ii) that the 
fingerprint alone cannot be used to ascertain the original 
data block back i.e. there is no back-hash function "bhf" 
such that bhf (edh) = ed; (iii) that it be extremely 
35 sensitive to changes in "ed"; say, that a single-bit 

change in "ed" changes on average 50% of the bits in 
-edh", and (iv) that it is extremely difficult to 
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construct a false embedded data block "fed" which produces 
the same fingerprint as "ed", that is hf (ed) = hf(fed). 
There are a number of algorithms which satisfy these 
requirements, such as MD5 (Message Digest 5) and SHA 
(Secure Hash Algorithm).. Other algorithms that also meet 
the above criteria that may be employed by the present 
invention. 

2.2 Encrypt the cryptographic fingerprint "edh" using the 
private key 151 "prk" and a public/private encryption 
function "ppef" to produce a cryptographic signature "edf" 
174, that is: edf = ppef (prk, edh). The requirements for 
the encryption function "ppef" are as follows: (i) that it 
produce a result not substantially larger than its input; 
(ii) that it effectively protect relatively short data 
sets, since "edh" will be bytes long rather than kilobytes 
long; (iii) that is computationally infeasible to use the 
public key 151 ("puk") and the cryptographic signature 
"edf" 174, or multiple instances of "edf" 174 (which will 
be visible on the installation computer) to infer the 
private key "prk", that is, there is no cracking function 
«cf" such that: puk = cf (edf, puk); (iv) that there is no 
conceivable means of replicating the behaviour of "ppef" 
using "prk" without in fact possessing both "ppef" and 
"prk". In principle, "ppef" can be inferred from its 
corresponding decryption function,, so "prk" is the 
important secret in practical terms; (v) that the 
corresponding public -key decryption function "ppdf" have 
acceptable performance on a typical installation computer 
for the pertinent file sizes. Note that if a specific 
ppef/ppdf is chosen for security reasons and does not 
yield acceptable performance, the encryption could be 
applied to only a portion of the selected files and still 
offer the same benefits; (vi) that it be suitable 
(preferably, via established cryptanalysis) for specific 
application in this domain i.e. digital signatures. There 
are a number of algorithms which might satisfy these 
requirements, such RSA and those of Rabin and ElGamal . The 
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careful selection of implementation parameters can help 
attain required security and performance 

lata 

5 till I . original 

^T^V "° '° '"^-"^"^ distribution 

the middle of a file, since it must be compliant to the format 
requirements Of the particular file types, .or example, 
headers may have to be updated to identify the new data etc. 

The system and method of the present invention does 

s gnat^:" : b" - t-^e cryptographir 

signature 174 be positioned in any particular manner in the 
aggregate distribution file l,o. «.at is necessary is that- 
U) the software on the installation computer, and the UIA 200 

■ c^t" "h'"' '° ^■^'''^^^ and 

cryptographic signature 174, and ,ii, that the aggregate 

distribution file 170, after it is installed on the 

installation computer, be able to perform its intended 

function; for example. If it is an executable file, that it 

it cLTfr r "'"""""^ Platform requirements so 

It can load and run on the Installation con^uter as it might 

IZ llTf P"«ss. Por example, if the file 

""""^ '° ="r«" computers containing an 
Intel microprocessor and running a Microsoft- windows- 
cperatmg system, the conversion program 110 could inspect the 
"header- section of the original distribution file 130 to 
determine Where there were sections containing static data so 
as to avoid sections containing executable code. A static data 
section would be selected and a suitable location for the 
embedded data bloc. 171 and cryptographic signature 174 Lid 

determining that an existing static data block had unused 

static L ^ 'r '° a 
static data bloCc, or ,iil, expanding an existing static data 

st«„ . "^^ "^"""'^O i" "sure 3A discloses a one- 

step process wherein cryptographic signature 174 is ascertained 
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for the original distribution file 130 and the embedded data 
140. An optional method, such as that illustrated in Figure 
3B, would be to employ a two-step process wherein a 
cryptographic signature 172 of the embedded data 171 is first 
5 produced using the same algorithm described in step 2 above. 
This embedded data cryptographic signature 172 is then itself 
embedded into the original distribution file 130. The original 
distribution file 13 0, embedded data 171, and embedded data 
cryptographic signature 172 are then input to the second 

10 cryptographic step, wherein an overall cryptographic signature 
176 is ascertained using the same algorithm described in step 2 
above. The benefit of the two step process is that it augments 
the capabilities of the system and method of the present 
invention to authenticate and detect tampering in the software 

15 application installed on the installation computer. For 

example, separate cryptographic public/private key pairs could 
be provided for the two cryptographic signatures 172, 176 . . 
Furthermore, the two-step process allows the embedded data 171 
to be extracted and authenticated, even if the original . file 

2 0 contents 173a, 173b have been corrupted. 

Another alternative is to construct the aggregate 
distribution file 17 0 using a variation of the two-step 
cryptographic process wherein a first cryptographic signature 
175 is made of only the original file contents 173a, 173b, and 
25 a second cryptographic signature 172 is made of the embedded 
data 171. This is illustrated in Figure 3C. This scheme has 
all the advantages of the two-step process illustrated in 
Figure 3B, and also allows for separate authentication of the 
embedded data 171 and the original file contents 173a, 173b. 

3 0 This would allow a user to verify that original distribution 

file 13 0 provided by the publisher had not been altered by the 
on-line installation process disclosed by the present 
invention. 

One of ordinary skill in the art will appreciate that 
3 5 any of the cryptographic signatures 172, 174, 175, 176 shown in 
Figures 3A, 3B and 3C do not have to be produced using the same 
set of cryptographic public/private key pairs, or even the same 
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cryptographic algorithms. As well it r,^^ 
. ^ wexx, It IS not necessary that 

the cryptographic signatures 172, 174 175 176 . -, . 
each Hm^ =^ 1/5, 176 be calculated 

each time an aggregate distribution file 170 is distributed to 
a user. The SDA 100 could maintain a database of 
partlally-precon^uted signatures to speed up the related 

sucoort T ^^^"^"i'y °^ cryptographic hardware 

support such as RSA co-processors in the installation computer 
could be used to attain good responsiveness with maximal 
security. ^ well, it is not essential that the aggregate 
0 ^"tribution file 170 be constructed in its entirely by tL SBA 

'be i"br"^'^'" "-^ ^^^"-"^ distrLIil f it 

170 be derivable in its entirety by the uia 200 

the tl« ,„r^"/ Illustrates the structure and operation of 
the UIA 200 Which consists of a transient installation index 
■ 204, a transient installation input fileset 205, and a UIA 
proper executable software program 203. one skilled in the art 
will appreciate that there are many ways in which the axl 

thl'^r.s 200°*" Since a significant part of 

Ii!l .1 functionality involves user interaction and 

txl Zo VT implementation of the 

,1.. t """"^ " - world Wide web 

(WWW, browser, or Implementing it as a stand-alone program 
which Itself embeds or invokes already-present browser 
capability on the installation computer. 

A typical execution sequence of the niA 200 is 
described below: 

30^ h^' v""'' program 203 and its support data 204. 

^s^:: i-tanatlon computer, the use; 

runs the OIA program 203. Bote that the UIA program 203 could 
also have been initiated remotely e.g. sent as an active 
program within a browser framework by a WWW server. Unless 
otherwise stated, all subsequent steps are executed by the uiA 
program 2 03. ^ 

fileJ; i«"allation index 204 and installation input 

l^ l^.T\"\"T "'^ i-tallation computer to determine 
the particular default SDA loo appropriate for the installation 
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of the desired software application (known as the "installed 
aggregate distribution file") 15. 

3. The installation computer is examined to determine 
the probable means of establishing communications with the SDA 
5 100, for example, the presence of TCP/IP network interfaces, 
modems etc. If no such means are found, the program optionally 
assists the user to find parameters which will work properly, 
then fails with a warning. This is because access to the SDA 
100 is essential for operation of the invention. 

10 4. The user 1 is prompted with the default data from 

steps (2) and (3) above, i.e. informed where the UIA program 
203 will look for the desired SDA 100, and over what sort of 
distribution channel 300. The user 1 is then given an 
opportunity to change this information, either for commercial 

15 reasons (e.g. maybe an SDA has changed names or locations) , or 
for technical reasons (e.g. the user does not have working 
TCP/IP connectivity and wants to use a straight modem link, 
perhaps via an 8 00 number,) 

5. Via the distribution channel 300, the UIA program 203 
20 establishes contact with SDA 100. If this cannot be done, the 

UIA program 203, after optionally helping the user determine 
parameters which will work properly, fails with a warning. 
While the security of the distribution channel 300 is optional 
to the operation of this invention, it is expected that the 

2 5 distribution channel 3 00 will support appropriate protocols to 

protect the SDA 10l3 from fraud. A common protocol supporting 
authentication and privacy, such as Secure Sockets Layer (SSL) 
is appropriate . 

6. The UIA program 203 acts as an intermediary between 

3 0 the user and the SDA 100, enabling the user 1 to establish any 

legitimate agreement which the SDA 100 supports with respect to 
the desired installed aggregate distribution file 15. The UIA 
program 2 03 also has the ability to determine whether the 
available system resources of the installation computer meet 
3 5 the requirements of the desired installed aggregate 
distribution file 15. 
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There are no technical limits to the variety of 
optxons that can be displayed to the user, the questions the 
user n,ight be asked, the data that might be gathered about the 
installation computer, etc. since the SDA lOO is being run 
throughout the data gathering, data embedding, software 
distribution and software installation process, the system and 
method of the present invention can employ various levels of 
cryptography without the user ever being informed of the 
cryptographic keys, or any information from which they could be 
derived. This is unlike other electronic delivery systems 
which typically require subsequent off-line entry of 'secret 
keys' or derivates thereof which have been explicitly divulged 
to the user. of course, public keys used for the 
authentication of cryptographic signatures are an exception in 
that the user may be able to determine them easily, however 
this IS not a security issue since they have no fraudulent 
application. 

7. Assuming that the user i meets all the criteria 

set out by the SDA 100, the SDA 100 will determine a specific 
set of files that must be transmitted to the UIA 200 to 
complete installation on the installation computer, notably 
including at least one aggregate distribution file 170 (shown 
in Figures 3A-3C) . It is immaterial to the system and method 
of the present invention what is the nature of the agreement 
entered into between the user i and SDA lOO, or how it is 
validated. That is the responsibility of the SDA 100 and its 
subtending commercial systems lo, if any. Most importantly, 
the UIA 200 does not and cannot itself decide whether an 
agreement has been reached between the user and the SDA lOO 
The UIA 200 does not have, and should not have, access to all 
the information required to complete the installation, except 
through interaction with the SDA 100. 

8. The SDA 100 transmits an index of the required 

distribution files to the UIA 200 via the distribution channel 
35 300. The UIA 200 uses this index to augment its own local index 
204 forming a complete index for the upcoming installation 
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9. The SDA 100 constructs one or more aggregate 
distribution files 170 and any other files required for the 
installation, and transmits these files to the UIA 2 00 via the 
distribution channel 300. 

10. Using its local index and support files 204, 205 
the UIA program 203 completes the installation of the installed 
aggregate distribution file 15 in a manner compliant with the 
platform of the installation computer. In particular, the UIA 
200 installs the aggregate distribution file 170 such that the 
cryptographic signature 174 and the embedded data 171 are 
unaffected. Once the aggregate distribution file 170 is 
installed on the installation computer, it is referred to as an 
installed aggregate distribution file 15. The UIA program 203 
will also perform other system updates 212 as necessary, such 
as updating the operating system registry (in the case of 
Windows 95™), and installing any additional application files. 
Other optional operations, such as leaving an appropriate 
'uninstall' utility, may also be involved. 

12. If an error should occur, the UIA program 203 may 
signal the SDA 100 to re-initiate the installation. If no 
error has occurred, the UIA program 2 03 signals the SDA 10 0 
that all required data has been received. This could, for 
example, be used as the trigger signal for the SDA 100 to ■< 
commit to a financial transaction. Leaving the financial commit 
to this late part of the process minimizes the probability of 
the user being charged for a software application which has not 
been successfully installed, thus reducing one cause of 
customer frustration. 

13. The UIA program 203 deletes any transient files, 
indices etc, that it might have placed on the installation 
computer. 

14. The UIA program 203 disconnects from the SDA 100 
and the distribution channel 300 and exits. 

Upon successful completion of the optional 
authentication procedures described in further detail below, 
the user can then run the installed aggregate distribution file 
15 on the installation computer. It should be understood that 
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the authentication procedures described below can be done 
either before or after the installation is completed. 

The method and system of the present invention would 
diminish disputes arising from software which is purchased but 
not successfully installed. The UIA 200 can detect and warn 
the user if the installation computer had inadequate resources 
to run the desired software application, before any financial 
transaction has been made. Further, the final financial 
commitment to purchase the software application by the user can 
be done late in the installation process so that the 
probability of the financial transaction being successful, but 
the installation itself failing, would be low. 

One of ordinary skill in the art will appreciate that 
the UIA 200 may be distributed to users in a mass-produced 
media form containing the original distribution file 13 0 or a 
derivative thereof not subject to successful fraudulent re-use 
through simple copying, m this scenario, the SDA 100 would 
transmit to the UIA 200 only the incremental information which 
the UIA 200 would require to construct the aggregate 
20 distribution file 170 and complete the installation. Any 

attempts to pirate the software application can be defeated by 
ensuring that the distribution form of the UIA 200 contains an 
incomplete set of executable files, thereby requiring essential 
data from the SDA 100 to be capable of executing on the 
25 installation computer. 

Figure 5 illustrates the means of authenticating and 
extracting user data from an installed aggregate distribution 
file 15 to verify that neither the original file contents 173a 
173b, nor the embedded data 171 have been tampered with. This' 

3 0 step is optional to the operation of the present invention 

because the installed aggregate distribution file 15 may be run 
by the user without authentication. it should be understood 
that the authentication procedures described below can be done 
either before or after the installation is completed, if 

J5 authentication is done prior to installation on the 

installation computer, then the following procedures are 
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directed by the UIA 203 to the aggregate distribution file 170, 
instead of the installed aggregate distribution file 15. 

The process illustrated in Figure 5 is in relation to 
an installed aggregate distribution file 15 constructed using 
5 the two-step process illustrated in Figure 3B. The principles 
of authenticating and extracting user data from an installed 
aggregate distribution file 15 constructed using the one-step 
cryptographic process illustrated in Figure 3A, or the variant 
of the two-step process illustrated in Figure 3C, are the same 
10 as those described below, with appropriate modifications, 

depending on the nature of the cryptographic signatures to be 
compared . 

Though a separate authentication and reading program 
4 00 is shown performing the functions of authentication and 

15 reading of embedded data 171, a person skilled in the art wi^l 
appreciate that these functions need not be embodied in such a 
stand-alone program, and could be incorporated as functions of 
other programs, such as the UIA 200, a license -checker, a 
virus -checker, a program loader, a copy program, etc. A 

2 0 typical execution sequence of the authentication and reading 
program 400 is described below: 

1. The authentication and reading program 400 is run, 
either by a user or by automatic invocation from another 
program such as the UIA 200. Unless otherwise indicated, the 

2 5 following steps are all executed by authentication and reading 
program 4 00 . 

2. Determine which installed aggregate distribution file 
15 to process, either by prompting the user or having this 
passed as a parameter by the UIA 200. Also determine (if 

30 derivable therefrom in the particular implementation, as 
opposed to being contained in the file itself) , which 
particular public key 152 is applicable to this installed 
aggregate distribution file 15. 

3. Open the installed aggregate distribution file 15 in 
35 question and check that it meets the applicable format 

requirements- For example, a given implementation might 
support executable (EXE) and dynamic link library (DLL) files 



BNSDOCID: <WO 9845768AlJ_> 



wo 98/45768 



PCT/CA98/00241 



10 



15 



- 22 - 

in the 'PE' format for Intel™ processors. if the installed 
aggregate distribution file 15 fails these basic checks, or is 
not found, the authentication and reading program 400 fails 
with an appropriate warning. 

4. Examine the file to determine the location of the 
overall cryptographic signature 176, the embedded data 
cryptographic signature 172, and the embedded data 171. The 
installed aggregate distribution file 15 can be formatted in 
various ways to support this, such as including pointers to 
these sections in the file header. If applicable in the 
particular implementation, (i.e. the public key 152 is included 
in the file as opposed to being otherwise determined the 
authentication and reading program 4 00) , find and extract the 
required public key 152. 

If any of the above steps fail, the authentication and 
reading program 4 00 fails with an appropriate warning. 

5. Use the public key 152 to decrypt the overall 
cryptographic signature 176 into its unencrypted form 176a (the 
decrypted remote overall fingerprint) . 

^° ^- using the same known cryptographic signature algorithm 

as was employed by the SDA 100, calculate a local version I76b 
(the locally calculated overall fingerprint) of the overall 
cryptographic signature. This calculation will necessarily 
exclude the overall cryptographic signature 176 itself i.e. 
cover all parts of the installed aggregate distribution file 15 
except 176, in order that the locally calculated overall 
fingerprint I76b will not depend on itself. 

7. Compare the locally calculated overall fingerprint 
176b to the decrypted remote overall fingerprint 176a. If they 
differ, the authentication and reading program 400 will fail 
with a warning that the installed aggregate distribution file 
15 has been corrupted. At this point, the UIA 200 may be 
invoked to contact the SDA lOO to re -acquire the installed 
aggregate distribution file 15. 
35 8. Extract the embedded data 171 and present it 

graphically to the user, if the. program has been user-invoked. 
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or pass it in message form to the invoker routine, if 
software - invoked . 

9. Use the public key 152 to decrypt the embedded data 
cryptographic signature 172 into its unencrypted form 172a (the 

5 decrypted remote embedded data fingerprint) . 

10. Calculate a local version 172b (the locally 
calculated embedded data fingerprint) of the embedded data 
cryptographic signature 172 using the same known cryptographic 
signature algorithm as the SDA 10 0 used. 

10 11. Compare the locally calculated embedded data 

fingerprint 172b to the decrypted remote embedded data 
fingerprint 172a. If they differ, the authentication and 
reading program 4 00 will fail with a warning that the embedded 
data 171 has been corrupted. 

15 A similar procedure of comparison would be followed 

in respect of the cryptographic signature 174 if the one step 
process illustrated in Figure 3A had been followed. As well, a 
similar procedure of comparison would be followed in respect of 
the original file contents cryptographic signature 175 if the 

2 0 variant of the two-step cryptographic process illustrated in 
Figure 3C had been undertaken. 

Figure 6 is a flow- chart of a summary of the 
procedures described in relation to Figures 2, 2K, 3B, 3C, 4 
and 5. It should be noted that the public key 152 used to 

2 5 authenticate the integrity of the installed aggregate 

distribution file 15 could be delivered to the UIA 200 by any 
means since it is not a secret and might be useful for more 
than one purpose. For example, the public key may be embedded 
in the aggregate distribution file 170, it may be explicitly 

3 0 sent to the user as a separate file or message, or it may be 

obtained automatically by the installation computer from a 
network trusted authority (e.g. Verisign™ Inc.) 

Figure 7 is a flow-chart of another set of procedures 
that may be employed in accordance with the present invention, 
35 whereby the original file contents 173a, 173b are encrypted 
using a unique private key calculated by the SDA 100 for this 
particular transaction. A record of this unique private key is 
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kept by the SDA lOO, and the corresponding unique public key is 
transmitted with the aggregate distribution file 170 via the 
distribution channel 300 to the UIA 200. The UIA 200 will 
decrypt the aggregate distribution file 170 using the public 
key. For security reasons, it is preferred that this public 
key not be permanently stored on the installation computer. 
Instead, the unique public key would exist only in the 
computer's Random Access Memory (RAM) for the duration of the 
installation. This makes usable redistribution of the 
aggregate distribution file 170 practically impossible. 

Although the present invention has been described 
with reference to the preferred embodiments, one of ordinary 
skill in the art will recognize that a number of variations, 
alterations and modifications are possible. In Figure 8 there 
is an illustration showing the various uses of the installed 
aggregate distribution file 15. After installation and 
authentication by the UIA 200, the installed aggregate 
distribution file 15 may run normally without making use of the 
embedded data 171 in any way. To ensure licence compliance, 
the installed aggregate distribution file 15 may also be run in 
association with a license -enforcement program that verifies 
that any license terms comprising part of the embedded data 171 
are being complied with. The embedded data 171 and 
cryptographic signatures 172, 174, 175, 176 (depending on the 
manner in which the aggregate distribution file 170 was 
constructed) may also be used as an input to a virus checker 
that may perform an integrity check on the installed aggregate 
distribution file 15 by using the public key 152 and the same 
known cryptographic signature algorithm as was employed by the 
30 SDA 100. Each time the installed aggregate distribution file 
15 is run, the authentication and reading program 400 shown in 
Figure 5 may also be run, either by itself, or in association 
with an authenticating loader that would reject tampered files, 
and would not permit a tampered installed aggregate 
35 distribution file 15 to be run. The embedded data 171 may also 
be used simply for display to the user. 
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The method and system disclosed herein can also be 
used to upgrade an installed aggregate distribution file 15 
present on an installation computer. In this case, the UIA 200 
and the SDA 100 would verify of the license status of the 
5 installed aggregate distribution file 15 present on the 

installation computer, and then invoke the method and system 
disclosed herein to construct, deliver and install an upgraded 
version of the installed aggregate distribution file 15 to the 
installation computer. The capability to invoke the upgrading 

10 feature of the present invention could be done at the request 
of the user, or it could be invoked automatically upon 
detection by the UIA 2 00 of the availability of a new version 
of the original distribution file 130. 

The uniqueness of the installed aggregate 

15 distribution file 15 can be used to restrict its operation to a 
specific central processing unit (CPU) on the installation 
computer. The identification of the CPU for these purposes 
would be done by the UIA 2 00 during the stage of gathering data 
32, 34 for transmission to the SDA 100. 

20 The SDA 100 and UIA 200 disclosed herein are not . 

restricted to being invoked at the time of installation or 
upgrading of the installed distribution file 170. For example, 
in a computer game environment, the SDA 10 0 and UIA 2 00 could 
be invoked when the user reaches a certain point in the game, 

2 5 giving the user the option to purchase additional 

functionalities or levels for the game. 

This disclosure does not presuppose that the UIA 20 0 
does not possess added intelligence to increase the 
functionality of the present invention. For example, the UIA 

3 0 2 00 may possess the intelligence to find and recognize separate 

Personal Digital Certificates on the installation computer 
which establish his identity for purposes sufficient to 
authorize all, or part of, the transaction in question. Such 
Personal Digital Certificates and their method of application 
3 5 would conform to established standards such as those used by 
commercial certificate provider Verisign™ Inc. In addition, 
the UIA 2 00 could possess the intelligence to find and 
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recognize digital "coupon" cert^ f i r-^h^c , • ^ 

the us^r h;,= certificates which establish that 

cne user has some specific n-ri tr-i i i. 

a sneci£l= nvi. , Pecitic privilege, such as an entitlement to 
Lilt. . I ^ °' software, or one which 

^ establishes his membership in a specific group, such as a 
B co^any. m addition, the Ul^ .00 could locate pre-exLting 
files installed according to the nethod of the present 
invention, and examine the embedded data 171. if the UIA 200 

affect the terms of the transaction, or which may indicate a 

::r::a;::!t''th"""r 

can transmit this information to the SDA 100 so that it can 
suitably mediate the transaction, advertise an upgrade etc A 
typical example of this would be examining a word processi:g 
15 tf det accordance with the present invention 

15 to determine that the user is entitled to a free upgrade, which 
the present invention can then proceed to install 

m another set of variations of the invention the 
installed aggregate distribution file 15 is one which uses the 
20 di::r''r.°' "-^^^ Algorithmic Authorisation as ' 

robust self -policing of its own Integrity. m a first 
variation, the run-time MAA algorithms, which already have the 
capability of using the installed aggregate distribution fi e s 
IS own code as an input retired for proper operation, and tL 
25 Of forcing catastrophic failure in the event of tampering have 
the scope Of this input expanded to include an 
in-memory copy of one or ^re of the data items added by the 
SDA 100. such as the overall cryptographic signature 176 

^° " variation, the "launch stub- component 

30 could go further, extracting and decoding the embedded'da:: !,! 
in the installed aggregate distribution file 15, and comparing 
the license terms therein ,e.g. a specific CPU identified by, 
say. a certain physical Media Access Control address on a 
network card) to those it found by examining its current 

ZorLT"" Pri-iPles Of »ortel 

Algorithmic Authorisation, the -launch stub- would not have to 
•decide- Whether to proceed, since such decision- 
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points are obvious attack points for 'hackers' wishing to 
defeat security mechanisms. Rather, it could modify data upon 
which proper program operation depended, in such a way that the 
program would continue to run properly only if said data 
5 corresponded to the proper environment per the license. As for 
the first variation, the application would have been 
pre-constructed for the specific instance, as per the 
patent -pending technology, in such a way that its proper flow 
of control used input data that was initially 'incorrect' in 

10 just such a way as to be 'corrected' only by application of the 
correct license data, or a simple derivative thereof. 

The invention disclosed herein does not necessarily 
alter the functionality of the installed form of the installed 
aggregate distribution file 15, it only adds information and 

15 authenticability to it. However, there are a number 

of means by which the behaviour of the installed aggregate 
distribution file 15 can be mediated in new ways enabled by 
this invention. In one variation, the SDA 100 would have 
access to a variety of executable forms for a given program, or 

2 0 to software routines which would dynamically construct variant ^ 

forms, in order to produce a program which meets 

particular customer function/cost requirements, and/or which ^„ 
actively binds itself to very specific license terms. For 
example, in the Microsoft Windows™ environment, different 
25 behaviour could be embodied by different Dynamic Link Libraries 
(DLLS) which could be selectively included. 

In another variation, the initial executable form of 
the program file would have specific functional and 
license-binding choices built-in, and the SDA 100 would inject 

3 0 (possibly authenticable) data into the executable file which 

caused it to exhibit the desired behaviour. In yet another 
variation, the SDA 100 could make use of routines with detailed 
knowledge of specific program structures in order to add 
variant code to a pre-existing executable program which was not 
35 explicitly designed to accommodate such variation. 

The described embodiments of the present invention 
focus on a single "core" file of a specific file type as the 
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ZZllT\o ^ application- s installation ana 

certainly be applied to more than one file or file tvn. / 
particular case. Por example, all of the sLtL fi e^ " ^ 

application could receive 
embedded information such that they were all authenticablaanr 
associable with the particular application and instal\tir^ 
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We Claim: 

1, A method for the electronic distribution of a 

software application from a distribution computer to an 
installation computer comprising the steps of: 

a. receiving at said distribution computer 
identifying information; 



b. embedding said identifying information in said 
software application at said distribution computer to 
form an identifiable software application; 

c. generating a cryptographic signature for said 
identifiable software application; 

d. embedding said cryptographic signature in said 
identifiable software application to form an 
identifiable and authenticable software application; 
and 

e. transferring said identifiable and authenticable 
software application from said distribution computer 
to said installation computer. 

2, The method of claim 1, wherein the step of generating 

0 a cryptographic signature for said identifiable software 
application includes the steps of 

a. applying a one-way hash function "hf" to the 

identifiable software application "ed" producing a 
hash result "edh", where edh = hf (ed) ; and 

5 b. encrypting the hash result "edh" using a 

cryptographic key to obtain a cryptographic 
signature . 



9845768A1 I > 



^^^^^^^S^*^* PCT/CA98/00241 

- 30 - 

^- "^^^ method of claim 2, wherein the one-way hash 

function is generated using any one of a Message Digest 5 (MD5) 
algorithm and a Secure Hash Algorithm (SHA) algorithm. 

4 • The method of claim 2 or 3 , wherein the step of 

5 encrypting the hash result "edh" includes the step of using a 
public/private encryption function "ppef" and a private 
encryption key "prk" to encrypt the hash result "edh" to 
produce a cryptographic signature "edf" where edf = ppef (prk 
edh) . 

■"•^ ^- method of claim 4, wherein the public/private 

encryption function "ppef" is generated using any one of an RSA 
algorithm, a Rabin algorithm and an ElGamal algorithm. 

6. The method of claim 1, 2, 3, 4 or 5, wherein the 
distribution computer and the installation computer are 

15 connected by the Internet. 

7. The method of claim 1, 2. 3, 4, 5, or 6, wherein the 
identifying information received at said distribution computer 
is transmitted from said installation computer. 



20 



25 



30 



8- A method of receiving electronically at an 

installation computer a software application distributed from a 
distribution computer con^rising the steps of: 

a. receiving an identifiable and authenticable 
software application from the distribution computer, 
the identifiable and authenticable software 
application having embedded therein the identifying 
information and a cryptographic signature of the 
identifiable and authenticable software application; 
and 

b. installing the identifiable and authenticable 
software application at the installation computer. 
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9. The method of claim 8, wherein prior to the step of 
receiving an identifiable and authenticable software 
application from the distribution computer, the installation 
computer transmits identifying information to the distribution 
computer. 

10. The method of claim 8 or 9, wherein prior to the step 
of installing the identifiable and authenticable software 
application, the installation computer authenticates the 
integrity of the software application. 

11. The method of claim 10, wherein the installation 
computer uses the cryptographic signature to authenticate the 
integrity of the software application. 

12. A method for the electronic distribution of a 
software application from a distribution computer to an 
installation computer comprising the steps of: 

a. receiving identifying information at said 
distribution computer; 

b, embedding said identifying information in said 
software application at said distribution computer to 
form an identifiable software application; 

c- generating a cryptographic signature for said 
identifiable software application; 

d. embedding said cryptographic signature in said 
identifiable software application to form an 
identifiable and authenticable software application; 

e. transferring said_ identifiable and authenticable 
software application from said distribution computer 
to said installation computer; and 
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f . installing said identifiable and authenticable 
software application at said installation computer. 

13. The method of claim 12, wherein the distribution 

computer and the installation computer are connected by the 
5 Internet. ^ 

^nfo^ °' " °" identifying 

information received at said distribution computer is 

transmitted from said installation computer. 



10 



15. A software distribution computer for distributing an 
Identifiable and authenticable software application to a user 
comprising: 



a. 



15 



20 



25 



a communications link between said software 
distribution computer and said user; 

b. a storage device for storing a software 
application for distribution; 

c. a communications interface in communication with 
said link, for receiving identification data from 
said user, and for transferring said identifiable and 
authenticable software application to said user- 

d. means for embedding identification data received 
from said installation computer in said software 
application to form an identifiable software 
application; 

e. means for generating a cryptographic signature for 
said identifiable software application; and 

f. means for embedding said cryptographic signature 
m said identifiable software application to form 
said identifiable and authenticable software 
application. 



BNSOCCID: <WO_98457eaA1J.> 



wo 98/45768 PCT/CA98/00241 

- 33 - 

16. A software installation computer for receiving an 
identifiable and authenticable software application 
distributed by a distribution computer: 

a. a communications link between said software 

5 installation computer and said software distribution 

computer; 

b. a storage device for storing identification data, 
and for storing an installed software application; 

c. a computer communications interface in 

10 communication with said link, for transferring said 

identification data, and for receiving said 
identifiable and authenticable software application, 
the identifiable and authenticable software 
application having embedded therein the 

15 identification data, and a cryptographic signature of 

the identifiable and authenticable software 
application; 

d. means for installing said identifiable and 
authenticable software application on said computer 

2 0 storage device. 

17. A software distribution computer for distributing an 
identifiable and authenticable software application from a 
distribution computer to an installation computer comprising: 



a distribution computer; 
2 5 an installation computer; 

a communications link between said installation computer 
and distribution computer; 

said distribution computer comprising: 
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a. distribution computer storage device for storing a 
software application for distribution; 

b. a distribution computer communications interface 
xn communication with said link, for transferring an 
Identifiable and authenticable software application 
to said installation computer and for receiving 
identification data from said installation computer; 

c. means for embedding identification data received 
from said installation computer in said software 
application to form an identifiable software 
application; 

d. means for generating a cryptographic signature for 
said identifiable software application; and 

e. means for embedding said cryptographic signature 
xn said identifiable software application to form an 
xdentifiable and authenticable software application; 

said installation computer comprising: 

a. an installation computer storage device for 
storing said identification data, and for storing an 
xnstalled software application; 

b. an installation computer communications interface 
xn communication with said link, for transferring 
said identification data to said distribution 
computer and for receiving said identifiable and 
authenticable software application from said 
distribution computer; and, 

d. means for installing said software application on 
said installation computer storage device. 
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